Transparency International recently published their 2010 Corruption Index, basically ranking 178 countries against the United Nations Convention Against Corruption framework. Looking at the color coded map, what struck me is how similar it looks to the malware “heat map” that Microsoft publishes as part of their Security Intelligence Report, which color codes countries based on how badly infected their PCs are.
Looks like (with some exceptions) there is a high degree of correlation between how corrupt a country is and how badly compromised with malware their consumer and small business PCs are. Aha – malware causes corruption!!
But, my real point was that most of the countries judged as the least corrupt (and the least malware infested) don’t seem to be the places where the data centers of outsourcers and cloud service providers get located. Now, the good news is that I don’t think the ones judged as the most corrupt (Somalia, Myanmar, Afghanistan, Iraq) are big cloud data center locations either. But there are plenty of places low on this list that are popular locations of data centers.
This points out that the physical location of cloud data centers is meaningful – no matter what IT security controls are implemented, if one of the data centers in a network is run corruptly, all are suspect. This was an issue in off-shore outsourcing and it is an issue when cloud services are global. The banking industry dealt with this early on in their Shared Services Assessment program, and as French Caldwell points out their BITS organization has put out risk evaluation guidelines for cloud services.
Scandinavian countries came out very well in the corruption index – and they also appear to be low in malware infection rates. Aha – lack of malware decreases both corruption and average temperature!
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.